Get the latest federal technology news delivered to your inbox.

There’s no hacking involved here.

The US Federal Communications Commission has drawn criticism in recent months as its new chairman, former Verizon lawyer Ajit Pai, pushes to roll back key provisions of current net neutrality rules. The rules, which first went into place in 2010, require internet service providers like Verizon to offer equal access to all web content; Pai believes they were established based on “hypothetical harms and hysterical prophecies of doom,” and that they’re bad for business.

For months, the American public has been expressing its disdain for Pai’s proposals by filing thousands of complaints to the FCC’s Electronic Comment Filing System. Now, a security researcher has discovered a way to go beyond angry comments. At the moment, the FCC is granting API keys to the filing system to anyone who asks, and the recipients can use the keys to upload files to the FCC’s web servers. There’s no hacking involved here; the API documentation on the FCC’s website explains exactly how to upload files, and those who’ve received API keys from the agency are simply using them. The API was setup this way so that web developers can collect data on submitted comments and submit new comments from other websites.

The oversight was first noticed by a security researcher who posted a link and a screenshot of a fake government document to Twitter on Aug. 30. The document, which was published to the FCC.gov website, is a letter that includes the FCC’s seal and is addressed to “The American People.”